blitzreels-carousels-tiktok

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script scripts/tiktok.sh executes another script using a relative path structure (../../blitzreels-carousels/scripts/carousel.sh). This is a standard delegation pattern for modular skill design but relies on the integrity and presence of the parent directory's contents.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user data via --titles and --images flags. This represents a potential indirect prompt injection surface for the downstream BlitzReels API or media renderer.
      • Ingestion points: scripts/tiktok.sh accepts user arguments --titles and --images.
      • Boundary markers: None identified in the provided wrapper script to delimit user content from command instructions.
      • Capability inventory: The skill performs subprocess execution (exec bash) and interacts with external APIs (as documented in the Quickstart).
      • Sanitization: No sanitization or validation of the --titles or --images inputs is performed within the provided script.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM